{% set ssh_tunnel_target_ip = undercloud_network_cidr|nthhost(2) if undercloud_generate_service_certificate|bool else undercloud_network_cidr|nthhost(1) %}

[Unit]
Description=Set up ssh tunneling for TripleO
After=network.target

[Service]
ExecStart=/usr/bin/ssh -NT -o \
   ServerAliveInterval=60 -o \
   UserKnownHostsFile=/dev/null -o \
   StrictHostKeyChecking=no -o \
   ExitOnForwardFailure=no -i \
   {{ working_dir }}/id_rsa_undercloud {{ ssh_user }}@{{ undercloud_ip }} \
   -L 0.0.0.0:6385:{{ ssh_tunnel_target_ip }}:6385 \
   -L 0.0.0.0:5000:{{ ssh_tunnel_target_ip }}:5000 \
   -L 0.0.0.0:5050:{{ ssh_tunnel_target_ip }}:5050 \
   -L 0.0.0.0:8004:{{ ssh_tunnel_target_ip }}:8004 \
   -L 0.0.0.0:8080:{{ ssh_tunnel_target_ip }}:8080 \
   -L 0.0.0.0:9000:{{ ssh_tunnel_target_ip }}:9000 \
   -L 0.0.0.0:8989:{{ ssh_tunnel_target_ip }}:8989 \
   -L 0.0.0.0:3000:{{ ssh_tunnel_target_ip }}:3000 \
   -L 0.0.0.0:443:{{ ssh_tunnel_target_ip }}:443 \
   -L 0.0.0.0:13000:{{ ssh_tunnel_target_ip }}:13000 \
   -L 0.0.0.0:8181:overcloud.localdomain:80 \
   -L 0.0.0.0:8443:overcloud.localdomain:443


# Restart every >2 seconds to avoid StartLimitInterval failure
RestartSec=5
Restart=always

[Install]
WantedBy=multi-user.target
